[PLUG-Devel] Security Audit of Joomla!
Brian Cluff
brian at snaptek.com
Tue Sep 12 09:13:21 MST 2006
Darrin Chandler wrote:
> Oh, good! The Joomla! team has finally fixed everything now! Heh. Not
> likely. This isn't the first time they've made a huge update and fixed a
> zillion holes. The problem is that they make holes when they code. So
> there are more in there now, and will be more in the future.
Yeah, no kidding. I had never been defaced until I started running
mambo/joomla. Since running it, I've been defaced twice. I went
through and set the permissions to be rather extreme, but that killed
off a lot of Joomla's ability to be configured from the web.
There has to be a way you can have your cake and eat it too with the
program.
At least with this latest version it screams at you if you leave
register globals on and even screams till you turn off their register
globals emulation.
Brian